{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T09:47:50Z","timestamp":1781084870581,"version":"3.54.1"},"reference-count":79,"publisher":"Springer Science and Business Media LLC","issue":"16","license":[{"start":{"date-parts":[[2023,3,5]],"date-time":"2023-03-05T00:00:00Z","timestamp":1677974400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,3,5]],"date-time":"2023-03-05T00:00:00Z","timestamp":1677974400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Neural Comput & Applic"],"published-print":{"date-parts":[[2023,6]]},"DOI":"10.1007\/s00521-023-08376-5","type":"journal-article","created":{"date-parts":[[2023,3,5]],"date-time":"2023-03-05T11:02:25Z","timestamp":1678014145000},"page":"12175-12193","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":32,"title":["Flow-based intrusion detection on software-defined networks: a multivariate time series anomaly detection approach"],"prefix":"10.1007","volume":"35","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6950-8927","authenticated-orcid":false,"given":"Sultan","family":"Zavrak","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Murat","family":"Iskefiyeli","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2023,3,5]]},"reference":[{"issue":"1","key":"8376_CR1","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1109\/SURV.2013.052213.00046","volume":"16","author":"MH Bhuyan","year":"2014","unstructured":"Bhuyan MH, Bhattacharyya DK, Kalita JK (2014) \u201cNetwork anomaly detection: methods, systems and tools. Commun Surv Tutorials, IEEE 16(1):303\u2013336. https:\/\/doi.org\/10.1109\/SURV.2013.052213.00046","journal-title":"Commun Surv Tutorials, IEEE"},{"key":"8376_CR2","unstructured":"McKeown N (2011) \u201cHow SDN will shape networking,\u201d ONS 2011, 2011. [Online]. Available: https:\/\/www.youtube.com\/watch?v=c9-K5O_qYgA. [Accessed: Jan. 20, 2018]"},{"issue":"2","key":"8376_CR3","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/MCOM.2013.6461195","volume":"51","author":"H Kim","year":"2013","unstructured":"Kim H, Feamster N (2013) Improving network management with software defined networking. IEEE Commun Mag 51(2):114\u2013119. https:\/\/doi.org\/10.1109\/MCOM.2013.6461195","journal-title":"IEEE Commun Mag"},{"key":"8376_CR4","doi-asserted-by":"publisher","unstructured":"Scott-Hayward S, O\u2019Callaghan G, and Sezer S (2013) \u201cSDN Security: A Survey,\u201d in Future Networks and Services (SDN4FNS), 2013 IEEE SDN for, 2013, pp. 1\u20137, doi: https:\/\/doi.org\/10.1109\/SDN4FNS.2013.6702553 [Online]. Available: http:\/\/ieeexplore.ieee.org\/xpl\/articleDetails.jsp?arnumber=6702553","DOI":"10.1109\/SDN4FNS.2013.6702553"},{"key":"8376_CR5","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2453114","author":"S Scott-Hayward","year":"2015","unstructured":"Scott-Hayward S, Natarajan S, Sezer S (2015) A survey of security in software defined networks. Commun Surv Tutorials, IEEE. https:\/\/doi.org\/10.1109\/COMST.2015.2453114","journal-title":"Commun Surv Tutorials, IEEE"},{"key":"8376_CR6","doi-asserted-by":"publisher","unstructured":"Dotcenko S, Vladyko A, and Letenko I (2014) \u201cA fuzzy logic-based information security management for software-defined networks,\u201d in Advanced Communication Technology (ICACT), 2014 16th International Conference on, 2014, pp. 167\u2013171, doi: https:\/\/doi.org\/10.1109\/ICACT.2014.6778942.","DOI":"10.1109\/ICACT.2014.6778942"},{"key":"8376_CR7","doi-asserted-by":"publisher","unstructured":"Jafarian T, Masdari M, Ghaffari A, and Majidzadeh K (2020), \u201cA survey and classification of the security anomaly detection mechanisms in software defined networks,\u201d Cluster Comput., pp. 1\u201319, Sep. . doi: https:\/\/doi.org\/10.1007\/s10586-020-03184-1. [Online]. Available: https:\/\/link.springer.com\/article\/https:\/\/doi.org\/10.1007\/s10586-020-03184-1. [Accessed: Dec. 13, 2020]","DOI":"10.1007\/s10586-020-03184-1 10.1007\/s10586-020-03184-1"},{"issue":"1","key":"8376_CR8","doi-asserted-by":"publisher","first-page":"28","DOI":"10.4018\/IJBDCN.2020010103","volume":"16","author":"Y Hande","year":"2020","unstructured":"Hande Y, Muddana A (2020) A survey on intrusion detection system for software defined networks (SDN). Int J Bus Data Commun Netw 16(1):28\u201347. https:\/\/doi.org\/10.4018\/IJBDCN.2020010103","journal-title":"Int J Bus Data Commun Netw"},{"key":"8376_CR9","doi-asserted-by":"crossref","unstructured":"Zhang Y (2013) \u201cAn adaptive flow counting method for anomaly detection in SDN,\u201d Proceedings of the ninth ACM conference on Emerging networking experiments and technologies. ACM, Santa Barbara, California, USA, pp. 25\u201330, 2013.","DOI":"10.1145\/2535372.2535411"},{"key":"8376_CR10","doi-asserted-by":"publisher","unstructured":"Ha T et al. (2016) \u201cSuspicious traffic sampling for intrusion detection in software-defined networks,\u201d Comput. Networks, vol. 109, Part, pp. 172\u2013182, .doi: http:\/\/dx.doi.org\/https:\/\/doi.org\/10.1016\/j.comnet.2016.05.019. [Online]. Available: http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1389128616301645","DOI":"10.1016\/j.comnet.2016.05.019"},{"key":"8376_CR11","doi-asserted-by":"publisher","unstructured":"Granby BR, Askwith B, and Marnerides AK, \u201cSDN-PANDA: Software-defined network platform for anomaly detection applications,\u201d in 2015 IEEE 23rd International Conference on Network Protocols (ICNP), 2015, pp. 463\u2013466, doi: https:\/\/doi.org\/10.1109\/ICNP.2015.58.","DOI":"10.1109\/ICNP.2015.58"},{"key":"8376_CR12","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1109\/GLOCOM.2014.7036863","volume":"2014","author":"S Hommes","year":"2014","unstructured":"Hommes S, State R, Engel T (2014) \u201cImplications and detection of DoS attacks in OpenFlow-based networks.\u201d 2014 IEEE Glob Commun Conf GLOBECOM 2014:537\u2013543. https:\/\/doi.org\/10.1109\/GLOCOM.2014.7036863","journal-title":"2014 IEEE Glob Commun Conf GLOBECOM"},{"key":"8376_CR13","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2017.7997214","author":"LF Carvalho","year":"2017","unstructured":"Carvalho LF, Fernandes G, Rodrigues JJPC, Mendes LS, Proenca ML (2017) A novel anomaly detection system to assist network management in SDN environment. IEEE Int Conf Commun. https:\/\/doi.org\/10.1109\/ICC.2017.7997214","journal-title":"IEEE Int Conf Commun"},{"issue":"6","key":"8376_CR14","doi-asserted-by":"publisher","first-page":"1890","DOI":"10.1109\/JIOT.2017.2694702","volume":"4","author":"D He","year":"2017","unstructured":"He D, Chan S, Ni X, Guizani M (2017) Software-defined-networking-enabled traffic anomaly detection and mitigation. IEEE Internet Things J 4(6):1890\u20131898. https:\/\/doi.org\/10.1109\/JIOT.2017.2694702","journal-title":"IEEE Internet Things J"},{"key":"8376_CR15","doi-asserted-by":"publisher","unstructured":"Carvalho LF, Abr\u00e3o T, de L, Mendes S, and Proen\u00e7a ML (2018) \u201cAn ecosystem for anomaly detection and mitigation in software-defined networking,\u201d Expert Syst Appl, vol. 104, pp. 121\u2013133, Aug., doi: https:\/\/doi.org\/10.1016\/J.ESWA.2018.03.027. [Online]. Available: https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0957417418301726. [Accessed: Feb. 27, 2019]","DOI":"10.1016\/J.ESWA.2018.03.027"},{"key":"8376_CR16","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2839684","author":"H Peng","year":"2018","unstructured":"Peng H, Sun Z, Zhao X, Tan S, Sun Z (2018) A detection method for anomaly flow in software defined network. IEEE Access. https:\/\/doi.org\/10.1109\/ACCESS.2018.2839684","journal-title":"IEEE Access"},{"key":"8376_CR17","doi-asserted-by":"publisher","unstructured":"Mehdi SA, Khalid J, and Khayam SA (201) \u201cRevisiting traffic anomaly detection using software defined networking,\u201d in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6961 LNCS, pp. 161\u2013180, doi: https:\/\/doi.org\/10.1007\/978-3-642-23644-0_9.","DOI":"10.1007\/978-3-642-23644-0_9"},{"key":"8376_CR18","doi-asserted-by":"publisher","unstructured":"Schechter SE, Jung J, and Berger AW (2004) \u201cFast detection of scanning worm infections,\u201d Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 3224, pp. 59\u201381, . doi: https:\/\/doi.org\/10.1007\/978-3-540-30143-1_4. [Online]. Available: https:\/\/link.springer.com\/chapter\/https:\/\/doi.org\/10.1007\/978-3-540-30143-1_4. [Accessed: Dec. 13, 2020]","DOI":"10.1007\/978-3-540-30143-1_4 10.1007\/978-3-540-30143-1_4"},{"key":"8376_CR19","unstructured":"Twycross J and Williamson MM (2003) \u201cImplementing and testing a virus throttle,\u201d in Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12, p. 20."},{"key":"8376_CR20","doi-asserted-by":"publisher","unstructured":"Williamson MM (2002) \u201cThrottling viruses: Restricting propagation to defeat malicious mobile code,\u201d in Proceedings - Annual Computer Security Applications Conference, ACSAC, 2002, vol. 2002-January, pp. 61\u201368, doi: https:\/\/doi.org\/10.1109\/CSAC.2002.1176279.","DOI":"10.1109\/CSAC.2002.1176279"},{"key":"8376_CR21","doi-asserted-by":"publisher","unstructured":"Mahoney MV (2003)\u201cNetwork traffic anomaly detection based on packet bytes,\u201d in Proceedings of the 2003 ACM symposium on Applied computing - SAC \u201903, 2003, p. 346, doi: https:\/\/doi.org\/10.1145\/952532.952601 [Online]. Available: http:\/\/portal.acm.org\/citation.cfm?doid=952532.952601. [Accessed: Dec. 13, 2020]","DOI":"10.1145\/952532.952601"},{"key":"8376_CR22","doi-asserted-by":"publisher","unstructured":"Kokila RT, Thamarai Selvi S, and Govindarajan K (2015)\u201cDDoS detection and analysis in SDN-based environment using support vector machine classifier,\u201d in 6th International Conference on Advanced Computing, ICoAC 2014, pp. 205\u2013210, doi: https:\/\/doi.org\/10.1109\/ICoAC.2014.7229711.","DOI":"10.1109\/ICoAC.2014.7229711"},{"key":"8376_CR23","doi-asserted-by":"publisher","unstructured":"Sathya R and Thangarajan R (2015) \u201cEfficient anomaly detection and mitigation in software defined networking environment,\u201d in Electronics and Communication Systems (ICECS), 2015 2nd International Conference on, pp. 479\u2013484, doi: https:\/\/doi.org\/10.1109\/ECS.2015.7124952.","DOI":"10.1109\/ECS.2015.7124952"},{"issue":"4","key":"8376_CR24","doi-asserted-by":"publisher","first-page":"8309","DOI":"10.1007\/s10586-018-1755-5","volume":"22","author":"C Yang","year":"2019","unstructured":"Yang C (2019) Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment. Cluster Comput 22(4):8309\u20138317. https:\/\/doi.org\/10.1007\/s10586-018-1755-5","journal-title":"Cluster Comput"},{"key":"8376_CR25","doi-asserted-by":"publisher","unstructured":"Wang R, Jia Z, and Ju L (2015) \u201cAn entropy-based distributed DDoS detection mechanism in software-defined networking,\u201d in Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015, vol. 1, pp. 310\u2013317, doi: https:\/\/doi.org\/10.1109\/Trustcom.2015.389.","DOI":"10.1109\/Trustcom.2015.389"},{"key":"8376_CR26","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1016\/j.bjp.2013.10.014","volume":"62","author":"K Giotis","year":"2014","unstructured":"Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining Open flow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 62:122\u2013136. https:\/\/doi.org\/10.1016\/j.bjp.2013.10.014","journal-title":"Comput Netw"},{"key":"8376_CR27","unstructured":"Visible N and Packard H (2003) \u201cTraffic Monitoring using sFlow,\u201d Analysis, 2003. [Online]. Available: http:\/\/www.sflow.org\/sFlowOverview.pdf"},{"key":"8376_CR28","doi-asserted-by":"publisher","unstructured":"Francois J and Festor O (2014) \u201cAnomaly traceback using software defined networking,\u201d in 2014 IEEE International Workshop on Information Forensics and Security (WIFS) , pp. 203\u2013208, doi: https:\/\/doi.org\/10.1109\/WIFS.2014.7084328","DOI":"10.1109\/WIFS.2014.7084328"},{"key":"8376_CR29","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1561\/2000000039","volume":"7","author":"L Deng","year":"2013","unstructured":"Deng L, Yu D (2013) \u201cDeep learning: methods and applications. Foundations Trends Signal Process 7:197\u2013387","journal-title":"Foundations Trends Signal Process"},{"key":"8376_CR30","doi-asserted-by":"publisher","unstructured":"Dey SK and Rahman MM (2018) \u201cFlow based anomaly detection in software defined networking: A deep learning approach with feature selection method,\u201d in 4th International Conference on Electrical Engineering and Information and Communication Technology, iCEEiCT 2018, Jan. 2019, pp. 630\u2013635, doi: https:\/\/doi.org\/10.1109\/CEEICT.2018.8628069.","DOI":"10.1109\/CEEICT.2018.8628069"},{"key":"8376_CR31","unstructured":"Niyaz Q, Sun W, and Javaid AY (2016) \u201cA deep learning based ddos detection system in software-defined networking (SDN),\u201d arXiv Prepr. arXiv1611.07400, 2016."},{"key":"8376_CR32","doi-asserted-by":"publisher","unstructured":"Tang TA, Mhamdi L, McLernon D, Zaidi SAR, and Ghogho M (2016) \u201cDeep learning approach for Network Intrusion Detection in Software Defined Networking,\u201d in Proceedings - 2016 International Conference on Wireless Networks and Mobile Communications, WINCOM 2016: Green Communications and Networking, pp. 258\u2013263, doi: https:\/\/doi.org\/10.1109\/WINCOM.2016.7777224.","DOI":"10.1109\/WINCOM.2016.7777224"},{"issue":"3","key":"8376_CR33","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1109\/TMM.2019.2893549","volume":"21","author":"S Garg","year":"2019","unstructured":"Garg S, Kumar N, Rodrigues JJPC, Rodrigues JJPC (2019) Hybrid deep-learning-based anomaly detection scheme for suspicious flow detection in SDN: a social multimedia perspective. IEEE Trans Multimed 21(3):566\u2013578. https:\/\/doi.org\/10.1109\/TMM.2019.2893549","journal-title":"IEEE Trans Multimed"},{"issue":"2","key":"8376_CR34","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1049\/iet-net.2017.0212","volume":"7","author":"J Li","year":"2018","unstructured":"Li J, Zhao Z, Li R (2018) Machine learning-based IDS for softwaredefined 5G network. IET Networks 7(2):53\u201360. https:\/\/doi.org\/10.1049\/iet-net.2017.0212","journal-title":"IET Networks"},{"issue":"3","key":"8376_CR35","doi-asserted-by":"publisher","first-page":"2269","DOI":"10.1109\/TNSM.2022.3175710","volume":"19","author":"L Yang","year":"2022","unstructured":"Yang L, Song Y, Gao S, Hu A, Xiao B (2022) Griffin: real-time network intrusion detection system via ensemble of autoencoder in SDN. IEEE Trans Netw Serv Manag 19(3):2269\u20132281. https:\/\/doi.org\/10.1109\/TNSM.2022.3175710","journal-title":"IEEE Trans Netw Serv Manag"},{"key":"8376_CR36","doi-asserted-by":"publisher","unstructured":"Wang J and Wang L (2022) \u201cSDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN,\u201d Sensors 2022, Vol. 22, Page 8287, vol. 22, no. 21, p. 8287, doi: https:\/\/doi.org\/10.3390\/S22218287. [Online]. Available: https:\/\/www.mdpi.com\/1424-8220\/22\/21\/8287\/htm. [Accessed: Jan. 03, 2023]","DOI":"10.3390\/S22218287"},{"key":"8376_CR37","doi-asserted-by":"publisher","unstructured":"Isa MM and Mhamdi L (2022) \u201cHybrid deep autoencoder with random forest in native SDN \u0131ntrusion detection environment,\u201d IEEE International Conference Communication, vol. pp. 1698\u20131703, 2022, doi: https:\/\/doi.org\/10.1109\/ICC45855.2022.9838282.","DOI":"10.1109\/ICC45855.2022.9838282"},{"key":"8376_CR38","doi-asserted-by":"publisher","unstructured":"Santos Da Silva A, Wickboldt JA, Granville LZ, and Schaeffer-Filho A (2016) \u201cATLANTIC: A framework for anomaly traffic detection, classification, and mitigation in SDN,\u201d Proc. NOMS 2016 - 2016 IEEE\/IFIP Network Operation Management Symposium, no. Noms, pp. 27\u201335, 2016, doi: https:\/\/doi.org\/10.1109\/NOMS.2016.7502793.","DOI":"10.1109\/NOMS.2016.7502793"},{"key":"8376_CR39","doi-asserted-by":"publisher","unstructured":"Pang C, Jiang Y, and Li Q (2016) \u201cFADE: Detecting forwarding anomaly in software-defined networks,\u201d in 2016 IEEE International Conference on Communications, ICC 2016, Jul. 2016, doi: https:\/\/doi.org\/10.1109\/ICC.2016.7510990.","DOI":"10.1109\/ICC.2016.7510990"},{"key":"8376_CR40","doi-asserted-by":"publisher","unstructured":"Cui Y et al. (2016) \u201cSD-Anti-DDoS: Fast and efficient DDoS defense in software-defined networks,\u201d J Netw Comput Appl, vol. 68, pp. 65\u201379, 2016, doi: http:\/\/dx.doi.org\/https:\/\/doi.org\/10.1016\/j.jnca.2016.04.005. [Online]. Available: http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1084804516300480","DOI":"10.1016\/j.jnca.2016.04.005"},{"key":"8376_CR41","doi-asserted-by":"publisher","unstructured":"Braga R, Mota E, and Passito A (2010) \u201cLightweight DDoS flooding attack detection using NOX\/OpenFlow,\u201d in Proceedings - Conference on Local Computer Networks, LCN, pp. 408\u2013415, doi: https:\/\/doi.org\/10.1109\/LCN.2010.5735752.","DOI":"10.1109\/LCN.2010.5735752"},{"key":"8376_CR42","doi-asserted-by":"publisher","unstructured":"Alzahrani AO and Alenazi MJF (2021) \u201cDesigning a network \u0131ntrusion detection system based on machine learning for software defined networks,\u201d Future Internet 2021, Vol. 13, Page 111, vol. 13, no. 5, p. 111, Apr. 2021, doi: https:\/\/doi.org\/10.3390\/FI13050111. [Online]. Available: https:\/\/www.mdpi.com\/1999-5903\/13\/5\/111\/htm. [Accessed: Jan. 03, 2023]","DOI":"10.3390\/FI13050111"},{"key":"8376_CR43","unstructured":"\u201cOpen Networking Foundation.\u201d [Online]. Available: https:\/\/www.opennetworking.org\/. [Accessed: Jan. 20, 2018]"},{"key":"8376_CR44","unstructured":"ONF and O. N. Foundation, \u201cSoftware-Defined Networking: The New Norm for Networks,\u201d 2012 [Online]. Available: http:\/\/www.opennetworking.org\/images\/stories\/downloads\/sdn-resources\/white-papers\/wp-sdn-newnorm.pdf"},{"key":"8376_CR45","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/COMST.2014.2320094","volume":"99","author":"Y Jarraya","year":"2014","unstructured":"Jarraya Y, Madi T, Debbabi M (2014) A survey and a layered taxonomy of software-defined networking. Commun Surv Tutorials, IEEE 99:1. https:\/\/doi.org\/10.1109\/COMST.2014.2320094","journal-title":"Commun Surv Tutorials, IEEE"},{"key":"8376_CR46","doi-asserted-by":"publisher","unstructured":"McKeown N et al. (2008) \u201cOpenFlow: enabling \u0131nnovation in campus networks,\u201d SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, pp. 69\u201374, . doi: https:\/\/doi.org\/10.1145\/1355734.1355746. [Online]. Available: http:\/\/doi.acm.org\/https:\/\/doi.org\/10.1145\/1355734.1355746","DOI":"10.1145\/1355734.1355746 10.1145\/1355734.1355746"},{"issue":"3\u20134","key":"8376_CR47","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1561\/2000000039","volume":"7","author":"L Deng","year":"2014","unstructured":"Deng L, Yu D (2014) Deep learning: methods and applications. Found trends signal Process 7(3\u20134):197\u2013387","journal-title":"Found trends signal Process"},{"issue":"5232","key":"8376_CR48","doi-asserted-by":"publisher","first-page":"1860","DOI":"10.1126\/science.269.5232.1860","volume":"269","author":"R Hecht-Nielsen","year":"1995","unstructured":"Hecht-Nielsen R (1995) Replicator neural networks for universal optimal source coding. Science. 269(5232):1860\u20131863","journal-title":"Science."},{"key":"8376_CR49","doi-asserted-by":"publisher","unstructured":"Hawkins S, He H, Williams G, and Baxter R (2002) \u201cOutlier detection using replicator neural networks,\u201d in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2454 LNCS, pp. 170\u2013180, doi: https:\/\/doi.org\/10.1007\/3-540-46145-0_17.","DOI":"10.1007\/3-540-46145-0_17"},{"key":"8376_CR50","doi-asserted-by":"publisher","unstructured":"Cordero CG, Hauke S, Muhlhauser M, and Fischer M (2016) \u201cAnalyzing flow-based anomaly intrusion detection using Replicator Neural Networks,\u201d in 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016, pp. 317\u2013324, doi: https:\/\/doi.org\/10.1109\/PST.2016.7906980.","DOI":"10.1109\/PST.2016.7906980"},{"key":"8376_CR51","doi-asserted-by":"crossref","unstructured":"Dau HA, Ciesielski V, and Song A (2014 ) \u201cAnomaly detection using replicator neural networks trained on examples of one class,\u201d in Asia-Pacific Conference on Simulated Evolution and Learning, 2014, pp. 311\u2013322.","DOI":"10.1007\/978-3-319-13563-2_27"},{"issue":"1","key":"8376_CR52","first-page":"1929","volume":"15","author":"N Srivastava","year":"2014","unstructured":"Srivastava N, Hinton G, Krizhevsky A, Sutskever I, Salakhutdinov R (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15(1):1929\u20131958","journal-title":"J Mach Learn Res"},{"key":"8376_CR53","doi-asserted-by":"crossref","unstructured":"T\u00f3th L and Gosztolya G (2004) \u201cReplicator neural networks for outlier modeling in segmental speech recognition,\u201d in International Symposium on Neural Networks, pp. 996\u20131001.","DOI":"10.1007\/978-3-540-28647-9_164"},{"issue":"8","key":"8376_CR54","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9(8):1735\u20131780. https:\/\/doi.org\/10.1162\/neco.1997.9.8.1735","journal-title":"Neural Comput"},{"key":"8376_CR55","unstructured":"Malhotra P, Ramakrishnan A, Anand G, Vig L, Agarwal P, and Shroff G (2019) \u201cLSTM-based Encoder-Decoder for Multi-sensor Anomaly Detection\u201d [Online]. Available: https:\/\/arxiv.org\/pdf\/1607.00148.pdf. [Accessed: May 04, 2019]"},{"key":"8376_CR56","doi-asserted-by":"publisher","unstructured":"Gu O, Fogla P, Dagon D, Lee W, and \u0160kori\u0107 B (2006) \u201cMeasuring intrusion detection capability: An information-theoretic approach,\u201d in Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ASIACCS \u201906, vol. 2006, pp. 90\u2013101, doi: https:\/\/doi.org\/10.1145\/1128817.1128834.","DOI":"10.1145\/1128817.1128834"},{"key":"8376_CR57","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2836950","author":"Y Xin","year":"2018","unstructured":"Xin Y et al (2018) Machine learning and deep learning methods for cybersecurity. IEEE Access. https:\/\/doi.org\/10.1109\/ACCESS.2018.2836950","journal-title":"IEEE Access"},{"key":"8376_CR58","doi-asserted-by":"crossref","unstructured":"Spackman KA (1989) \u201cS\u0131gnal detect\u0131on theory: valuable tools for evaluat\u0131ng \u0131nduct\u0131ve learn\u0131ng,\u201d in Proceedings of the Sixth International Workshop on Machine Learning, Elsevier, pp. 160\u2013163.","DOI":"10.1016\/B978-1-55860-036-2.50047-3"},{"key":"8376_CR59","unstructured":"Fawcett T (2004) \u201cROC Graphs: notes and practical considerations for researchers,\u201d HP Labs Tech Rep. HPL-2003\u20134, pp. 1\u201338. doi: 10.1.1.10.9777. [Online]. Available: http:\/\/www.purl. [Accessed: Jan. 15, 2019]"},{"key":"8376_CR60","doi-asserted-by":"crossref","unstructured":"He H and Ma Y (2013) Imbalanced learning: foundations, algorithms, and applications. Wiley, [Online]. Available: https:\/\/books.google.com.tr\/books?id=CVHx-Gp9jzUC","DOI":"10.1002\/9781118646106"},{"key":"8376_CR61","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/NOMS.2014.6838227","volume":"2014","author":"SR Chowdhury","year":"2014","unstructured":"Chowdhury SR, Bari MF, Ahmed R, Boutaba R (2014) \u201cPayLess: a low cost network monitoring framework for software defined networks\u201d, in. IEEE Netw Op Manage Sym (NOMS) 2014:1\u20139. https:\/\/doi.org\/10.1109\/NOMS.2014.6838227","journal-title":"IEEE Netw Op Manage Sym (NOMS)"},{"key":"8376_CR62","doi-asserted-by":"publisher","unstructured":"Abuadlla Y, Kvascev G, Gajin S, and Jovanovi\u0107 Z (2014) \u201cFlow-based anomaly intrusion detection system using two neural network stages,\u201d Comput Sci Inf Syst, vol. 11, no. 2, pp. 601\u2013622, .doi: https:\/\/doi.org\/10.2298\/CSIS130415035A. [Online]. Available: https:\/\/pdfs.semanticscholar.org\/763e\/dd989d84ad3d2a7ffc51ab7cc8069e298cd2.pdf?_ga=2.230778847.1369663390.1548664106-372672204.1546986185. [Accessed: Jan. 28, 2019]","DOI":"10.2298\/CSIS130415035A"},{"key":"8376_CR63","unstructured":"Floodlight, \u201cFloodlight OpenFlow Controller.\u201d [Online]. Available: http:\/\/www.projectfloodlight.org\/floodlight\/. [Accessed: Jan. 20, 2018]"},{"key":"8376_CR64","unstructured":"\u201cOpen vSwitch.\u201d [Online]. Available: http:\/\/openvswitch.org\/. [Accessed: Nov. 16, 2020]"},{"key":"8376_CR65","unstructured":"Mininet Team, \u201cMininet: An Instant Virtual Network on your Laptop (or other PC) - Mininet.\u201d [Online]. Available: http:\/\/mininet.org\/. [Accessed: Nov. 16, 2020]"},{"key":"8376_CR66","doi-asserted-by":"publisher","unstructured":"Shiravi A, Shiravi H, Tavallaee M, and Ghorbani AA (2012) \u201cToward developing a systematic approach to generate benchmark datasets for intrusion detection,\u201d Comput Secur, vol. 31, no. 3, pp. 357\u2013374, 2012, doi: http:\/\/dx.doi.org\/https:\/\/doi.org\/10.1016\/j.cose.2011.12.012. [Online]. Available: http:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404811001672","DOI":"10.1016\/j.cose.2011.12.012"},{"key":"8376_CR67","unstructured":"\u201cTcpreplay.\u201d [Online]. Available: http:\/\/tcpreplay.synfin.net\/. [Accessed: Nov. 16, 2020]"},{"key":"8376_CR68","unstructured":"\u201cHping - Active Network Security Tool.\u201d [Online]. Available: http:\/\/www.hping.org\/. [Accessed: Nov. 16, 2020]"},{"key":"8376_CR69","doi-asserted-by":"publisher","unstructured":"Zavrak S and Iskefiyeli M (2020) \u201cAnomaly-based \u0131ntrusion detection from network flow features using variational autoencoder,\u201d IEEE Access, vol. 8, pp. 108346\u2013108358, doi: https:\/\/doi.org\/10.1109\/ACCESS.2020.3001350. [Online]. Available: https:\/\/ieeexplore.ieee.org\/document\/9113298\/","DOI":"10.1109\/ACCESS.2020.3001350"},{"issue":"8","key":"8376_CR70","doi-asserted-by":"publisher","first-page":"3074","DOI":"10.1109\/TCYB.2018.2838668","volume":"49","author":"VL Cao","year":"2019","unstructured":"Cao VL, Nicolau M, McDermott J (2019) Learning neural representations for network anomaly detection. IEEE Trans Cybern 49(8):3074\u20133087. https:\/\/doi.org\/10.1109\/TCYB.2018.2838668","journal-title":"IEEE Trans Cybern"},{"key":"8376_CR71","unstructured":"Patterson J and Gibson A (2017) Deep learning: a practitioner\u2019s approach. O\u2019Reilly Media, 2017 [Online]. Available: https:\/\/books.google.com.tr\/books?id=rLcuDwAAQBAJ"},{"key":"8376_CR72","unstructured":"Sutskever I, Martens J, Dahl G, and Hinton G (2013) \u201cOn the importance of initialization and momentum in deep learning,\u201d [Online]. Available: http:\/\/www.cs.toronto.edu\/~fritz\/absps\/momentum.pdf. [Accessed: Jan. 30, 2019]"},{"key":"8376_CR73","unstructured":"\u201cKDD-OpenSource\/DeepADoTS: Repository of the paper \u2018A Systematic Evaluation of Deep Anomaly Detection Methods for Time Series\u2019.\u201d [Online]. Available: https:\/\/github.com\/KDD-OpenSource\/DeepADoTS. [Accessed: Mar. 29, 2021]"},{"key":"8376_CR74","unstructured":"\u201cPyTorch.\u201d [Online]. Available: https:\/\/pytorch.org\/. [Accessed: Nov. 16, 2020]"},{"key":"8376_CR75","volume-title":"Data mining: concepts and techniques","author":"J Han","year":"2011","unstructured":"Han J, Kamber M, Pei J (2011) Data mining: concepts and techniques. Elsevier"},{"key":"8376_CR76","doi-asserted-by":"crossref","unstructured":"Krzanowski WJ and Hand DJ (2009) ROC Curves for Continuous Data. CRC Press, 2009 [Online]. Available: https:\/\/books.google.com.tr\/books?id=UZHwdiwOs4QC","DOI":"10.1201\/9781439800225"},{"key":"8376_CR77","doi-asserted-by":"publisher","unstructured":"Tang TA, Mhamdi L, McLernon D, Zaidi SAR, and Ghogho M (2018) \u201cDeep recurrent neural network for \u0131ntrusion detection in SDN-based networks,\u201d in 2018 4th IEEE Conference on Network Softwarization and Workshops, NetSoft 2018, Sep. 2018, pp. 462\u2013469, doi: https:\/\/doi.org\/10.1109\/NETSOFT.2018.8460090.","DOI":"10.1109\/NETSOFT.2018.8460090"},{"key":"8376_CR78","doi-asserted-by":"publisher","unstructured":"Abubakar A and Pranggono B (2017) \u201cMachine learning based intrusion detection system for software defined networks,\u201d in Proceedings - 2017 7th International Conference on Emerging Security Technologies, EST 2017, pp. 138\u2013143, doi: https:\/\/doi.org\/10.1109\/EST.2017.8090413.","DOI":"10.1109\/EST.2017.8090413"},{"key":"8376_CR79","doi-asserted-by":"publisher","unstructured":"Wang P, Chao KM, Lin HC, Lin WH, and Lo CC (2016) \u201cAn efficient flow control approach for sdn-based network threat detection and migration using support vector machine,\u201d in 2016 IEEE 13th International Conference on e-Business Engineering (ICEBE), pp. 56\u201363, doi: https:\/\/doi.org\/10.1109\/ICEBE.2016.020.","DOI":"10.1109\/ICEBE.2016.020"}],"updated-by":[{"DOI":"10.1007\/s00521-023-08711-w","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2023,6,15]],"date-time":"2023-06-15T00:00:00Z","timestamp":1686787200000}}],"container-title":["Neural Computing and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-023-08376-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00521-023-08376-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-023-08376-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,15]],"date-time":"2023-06-15T10:24:18Z","timestamp":1686824658000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00521-023-08376-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,5]]},"references-count":79,"journal-issue":{"issue":"16","published-print":{"date-parts":[[2023,6]]}},"alternative-id":["8376"],"URL":"https:\/\/doi.org\/10.1007\/s00521-023-08376-5","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-1141416\/v2","asserted-by":"object"},{"id-type":"doi","id":"10.21203\/rs.3.rs-1141416\/v1","asserted-by":"object"},{"id-type":"doi","id":"10.21203\/rs.3.rs-1141416\/v3","asserted-by":"object"}]},"ISSN":["0941-0643","1433-3058"],"issn-type":[{"value":"0941-0643","type":"print"},{"value":"1433-3058","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,5]]},"assertion":[{"value":"6 December 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 February 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 March 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 June 2023","order":4,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Correction","order":5,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"A Correction to this paper has been published:","order":6,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"https:\/\/doi.org\/10.1007\/s00521-023-08711-w","URL":"https:\/\/doi.org\/10.1007\/s00521-023-08711-w","order":7,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}